<?php
require_once('common.inc.php');
require_once(_INC_PATH.'database.php');
require_once(_INC_PATH.'captcha.inc');
session_start(); // NOTE(review): session is started for the whole page; presumably the captcha check in captcha.inc keeps its state here — confirm

$db = new database(); // shared handle from database.php; setloginCookie() reaches it via `global $db`

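/*
 * Request dispatcher for the login page.
 *
 *   cmd=login      form post: authenticate, then redirect to the forward target
 *   cmd=captcha    emit the captcha (SHOWCAPTCHA from captcha.inc)
 *   cmd=ajaxLogin  authenticate and answer "0#<message>" on failure or
 *                  "1#<message>" on success, then stop
 *   otherwise      render login.tpl
 */
$cmd = isset($_REQUEST['cmd']) ? $_REQUEST['cmd'] : '';

if ($cmd === "login") {
	$systemMsg = authenticateLoginRequest($db);
	if (empty($systemMsg)) {
		header("location: " . loginForwardTarget());
		exit;
	}
	setHiddenParam($smarty, $_REQUEST);
	$smarty->assign('systemMsg', $systemMsg);
	Display('login.tpl');
} elseif ($cmd === "captcha") {
	SHOWCAPTCHA();
} elseif ($cmd === "ajaxLogin") {
	$systemMsg = authenticateLoginRequest($db);
	if (empty($systemMsg)) {
		echo "1#恭喜您，登录成功！";
	} else {
		// Only the first error is reported to the ajax caller.
		echo "0#" . array_shift($systemMsg);
	}
	die;
} else {
	Display('login.tpl');
}

/**
 * Validate the submitted form (checkLogin) and, when it is complete, check the
 * credentials against tbl_user. On success the row's login_time is stamped,
 * the session id is renewed and the login cookie is set.
 *
 * Shared by the form and the ajax handlers so both apply the same checks.
 *
 * @param database $db
 * @return array field => error message; empty on successful login
 */
function authenticateLoginRequest($db)
{
	$systemMsg = checkLogin();
	if (!empty($systemMsg)) {
		return $systemMsg;
	}

	// NOTE(review): mysql_escape_string() ignores the connection charset; a
	// parameterised lookup in the database wrapper would be the proper fix.
	$sql = "select id,password,user_name from tbl_user where status='0' 
			  and user_name='" . mysql_escape_string($_REQUEST['user_name']) . "'";
	$data = $db->loadRow($sql);
	if (empty($data)) {
		$systemMsg['user_name'] = USERIDERROR2;
		return $systemMsg;
	}

	// Strict, constant-time comparison: the previous loose `!=` treated two
	// digests of the form "0e<digits>" as numerically equal. md5 is retained
	// only because the stored rows use it; migrating to password_hash() is
	// the real fix.
	if (!hash_equals((string) $data['password'], md5((string) $_REQUEST['password']))) {
		$systemMsg['password'] = PASSWORDERROR3;
		return $systemMsg;
	}

	$sql = "update tbl_user set login_time=CURRENT_TIMESTAMP 
				  where id='" . $data['id'] . "'";
	$db->query($sql);
	// Fresh session id once authenticated, so an id issued before login cannot be reused.
	session_regenerate_id(true);
	setloginCookie($data['id']); // set the login cookie
	return $systemMsg;
}

/**
 * Pick the post-login destination.
 *
 * Order: the form's "forward" field, then the Referer, then /my/. Only
 * same-site targets are honoured (see isSameSiteForward), so the field
 * cannot be used to redirect a user elsewhere; anything else, and the
 * regist/login pages themselves, fall back to /my/.
 *
 * @return string value for the Location header
 */
function loginForwardTarget()
{
	$default = _HOST_ROOT . "/my/";

	$forward = '';
	if (isset($_REQUEST['forward']) && is_string($_REQUEST['forward']) && $_REQUEST['forward'] !== '') {
		$forward = $_REQUEST['forward'];
	} elseif (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !== '') {
		$forward = $_SERVER['HTTP_REFERER'];
	}

	if (!isSameSiteForward($forward)
		|| $forward === _HOST_ROOT . "/regist.php"
		|| $forward === _HOST_ROOT . "/login.php") {
		return $default;
	}
	return $forward;
}

/**
 * True when $url stays on this site: an absolute URL under _HOST_ROOT or a
 * site-relative path. Protocol-relative forms ("//host", "/\host"), empty
 * values and strings carrying CR/LF (which would corrupt the header) are rejected.
 *
 * @param mixed $url
 * @return bool
 */
function isSameSiteForward($url)
{
	if (!is_string($url) || $url === '' || preg_match('/[\r\n]/', $url)) {
		return false;
	}
	// _HOST_ROOT carries no trailing slash (the file builds _HOST_ROOT."/my/").
	if (stripos($url, _HOST_ROOT . '/') === 0) {
		return true;
	}
	return $url[0] === '/' && (strlen($url) === 1 || ($url[1] !== '/' && $url[1] !== '\\'));
}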

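/**
 * Validate the raw login form fields.
 *
 * Checks that user_name, password and the captcha word were submitted, and
 * that the word matches the current captcha (captcha::check_word). A missing
 * field, or one sent as an array, is reported as empty instead of being
 * passed on to the query or the captcha.
 *
 * @return array field => error message; empty when the form is acceptable
 */
function checkLogin()
{
	$systemMsg = array();
	if (_loginFormField('user_name') === '') {
		$systemMsg['user_name'] = USERIDERROR1;
	}
	if (_loginFormField('password') === '') {
		$systemMsg['password'] = PASSWORDERROR1;
	}
	$word = _loginFormField('word');
	if ($word === '') {
		$systemMsg['word'] = WORDERROR1;
	} else {
		$captcha = new captcha();
		if (!$captcha->check_word($word)) {
			$systemMsg['word'] = WORDERROR2;
		}
	}
	return $systemMsg;
}

/**
 * Fetch one request parameter as a string; absent or non-string values yield ''.
 *
 * @param string $key
 * @return string
 */
function _loginFormField($key)
{
	if (!isset($_REQUEST[$key]) || !is_string($_REQUEST[$key])) {
		return '';
	}
	return $_REQUEST[$key];
}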
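/**
 * Re-expose the submitted form values to the template so the form can be
 * re-rendered with them after a failed login.
 *
 * The parameter was previously named $_REQUEST, which PHP rejects as a
 * re-assignment of an auto-global; callers pass $_REQUEST positionally.
 *
 * @param object $smarty template engine exposing assign($name, $value)
 * @param array  $params submitted request parameters (normally $_REQUEST)
 */
function setHiddenParam(&$smarty, $params)
{
	// NOTE(review): the login lookup reads $_REQUEST['user_name'], so the
	// "user_id" key here is probably never present — confirm which variable
	// login.tpl renders before renaming it. Echoing the submitted password
	// back into the page should also be dropped once the template allows.
	foreach (array("user_id", "password", "word") as $name) {
		$smarty->assign($name, isset($params[$name]) ? $params[$name] : null);
	}
}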
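/**
 * Load the configured cookie fields for user $id and write the login cookie.
 *
 * @param int|string $id tbl_user.id; callers pass the id of the row they have
 *                       just loaded, so it is not escaped here (review: a
 *                       parameterised query in the wrapper would remove the
 *                       need to rely on that)
 * @return bool always true
 */
function setloginCookie($id)
{
	global $db, $cookie_field, $cookie_time;
	$sql = "select " . implode(",", $cookie_field) . " from tbl_user where id='$id'";
	$data = $db->loadRow($sql);
	// loadRow may return no row; only derive the unicode name when one exists.
	if (is_array($data) && !empty($data['user_name'])) {
		$data['unicodeUsername'] = str2unicode($data['user_name']);
	}
	_setcookie($data, $cookie_time);
	return true;
}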
?>